Plugin Title | Insecure Ciphers |
Cloud | AWS |
Category | ELB |
Description | Detect use of insecure ciphers on ELBs |
More Info | Various security vulnerabilities have rendered several ciphers insecure. Only the recommended ciphers should be used. |
AWS Link | http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-options.html |
Recommended Action | Update your ELBs to use the recommended cipher suites |
- Log in to the AWS Management Console.
- Select the "Services" option and search for EC2.
- In the "EC2 Dashboard", scroll down to "Load Balancers" and click it to open the "Load Balancers" dashboard.
- Select the "Load Balancer" that needs to be verified.
- Select the "Listeners" tab in the bottom panel, scroll to the "Cipher" column of the HTTPS listener, and click the "Change" option.
- In the "Select a Cipher" panel, select either "Predefined Security Policy" or "Custom Security Policy".
- Scan the "SSL Cipher Section" of the selected "Security Policy" for any insecure ciphers. Refer to this link for all secure ciphers: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html#ssl-ciphers
- Scroll down and click the "Save" button to apply the changes.
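
The cipher scan in the steps above can also be run over the JSON returned by `aws elb describe-load-balancer-policies --load-balancer-name <name>`. The following is an added example, not the plugin's own code. The `WEAK_TOKENS` set and the sample policy names are assumptions made for illustration; the AWS cipher documentation linked above remains the authoritative list.

```python
import json

# Assumption (not from the plugin): name tokens that mark widely deprecated
# algorithms. Use the AWS cipher documentation as the authoritative list.
WEAK_TOKENS = {"RC4", "RC2", "DES", "MD5", "EXP", "NULL", "ADH", "AECDH"}

# Constructed sample in the shape of describe-load-balancer-policies output.
SAMPLE = json.dumps({"PolicyDescriptions": [
    {"PolicyName": "custom-legacy-policy",
     "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
         {"AttributeName": "Server-Defined-Cipher-Order", "AttributeValue": "true"},
         {"AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", "AttributeValue": "true"},
         {"AttributeName": "RC4-SHA", "AttributeValue": "true"},
         {"AttributeName": "DES-CBC3-SHA", "AttributeValue": "true"},
         {"AttributeName": "EXP-RC4-MD5", "AttributeValue": "false"}]},
    {"PolicyName": "custom-modern-policy",
     "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "ECDHE-RSA-AES256-GCM-SHA384", "AttributeValue": "true"},
         {"AttributeName": "RC4-MD5", "AttributeValue": "false"}]},
    {"PolicyName": "sticky-cookie-policy",
     "PolicyTypeName": "AppCookieStickinessPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "CookieName", "AttributeValue": "MD5-session"}]},
]})


def insecure_ciphers(policies_json):
    """Return {policy name: sorted enabled ciphers that contain a weak token}."""
    findings = {}
    for policy in json.loads(policies_json).get("PolicyDescriptions", []):
        # Only SSL negotiation policies carry cipher attributes.
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue
        weak = []
        for attr in policy.get("PolicyAttributeDescriptions", []):
            # A cipher is enabled only when its attribute value is "true".
            if attr.get("AttributeValue") != "true":
                continue
            name = attr.get("AttributeName", "")
            # Match whole dash-separated tokens so "AES" never matches "DES".
            if WEAK_TOKENS & set(name.upper().split("-")):
                weak.append(name)
        if weak:
            findings[policy.get("PolicyName", "<unnamed>")] = sorted(weak)
    return findings


if __name__ == "__main__":
    for policy, ciphers in insecure_ciphers(SAMPLE).items():
        print(f"{policy}: {', '.join(ciphers)}")
```

Disabled ciphers (value `false`) are ignored, so a policy that lists a weak cipher without enabling it is not reported.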